www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henri Yandell <he...@yandell.org>
Subject Re: What constitutes a source release?
Date Wed, 01 May 2013 19:09:52 GMT
On Wed, May 1, 2013 at 2:36 AM, Roy T. Fielding <fielding@gbiv.com> wrote:

> On Apr 30, 2013, at 11:39 PM, Henri Yandell wrote:
> Taking a stab at the clear policy, I'd propose adding this to
> resolved.html:
> "Source distributions must not contain binaries <quiet>(but let's not
> discuss binaries that are not enforced like
> http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/icons/)</quiet>.
> It's fine to have the user run a script to download binaries after they
> have downloaded the source <quiet>(such as
> download-binaries-from-svn-tag.sh, or perhaps when first running the
> application)</quiet>. "
> Either it's not clear to me, or the current policy is really just a vision
> towards a policy.
> Hen
> FWIW, I meant the binary object forms of compiled source code.
> That is what "binaries" means to me.
> If you think binaries means "anything other than text formats",
> then we are mis-communicating.  I don't know why you would think
> that, given character encodings for text are just another
> form of binary encoding, but it might be an age thing.

Good to hear :) This all kicked off from a question (LEGAL-163) of whether
a binary font was allowed in a source distribution. Considering a font to
be software seemed a stretch.

> Apache releases also contain generated scripts (where
> the source for those generated scripts is also included) and
> assorted other things that don't pose a security risk to
> recipients.  The policies are: (1) we only release open source
> that can be distributed under the terms of the Apache License,
> and the PMC release votes are based on individually (2) inspecting
> the source package to ensure that it can be used to build the
> Apache product and corresponds to some version of the source
> that the PMC is maintaining in our version control system(s)
> and (3) verifying that the contents are believed to be safe/legal
> for us to distribute.

Where, I assume, 'release' means the code we author rather than a limiting
factor for what we reuse.


View raw message